﻿<!--#include file="conn.asp"-->
<%
Dim rs
Dim sName,sPhone,sex,sPlace,code,describe,querycode
Dim action
action=request("Action")
sName=request("Name")
sex=request("Sex")
sPlace=request("Place")
sPhone=request("Phone")
querycode=request("QueryCode")
describe=request("Describe")
Select Case LCase(action)
	Case "new"
	  'everyone
		If AddNewClient(sName,sPhone,sPlace,sex,describe,querycode,code)="ok" Then
			Session("fix_rid")=getInfo("s_request","code","'" & code & "'","id")
			logActivity Session("fix_rid"),"wait"
			response.Clear
			response.Write("{msg:'ok',code:'" & code & "'}")
			response.End
		End If
	Case "logout"
	  'everyone
		Call logInOut(action)
	Case "varify"
	  'everyone
		Call logInOut(action)
	Case "refuse"
		refuse(NewRequest("rid"))
	Case "finish"
		finish(NewRequest("rid"))
	Case "reinit"
		reinit(NewRequest("rid"))
	Case "accept"
	    Dim reqID
	    reqID=NewRequest("RequestID")
	    If reqID="" Then
		    WriteIt "{msg:'error',param:'error'}"
	    Else
		    acceptReq(reqID)
	    End If
	case "alter"
	    call alteradmin
	case "getfile"
		dim fname
		fname=NewRequest("FileName")
		if adminLogin=true then
		    if fname<>"" then
		        response.Clear
		        response.Write(ReadAnyTextFile(Server.MapPath(fname),"utf-8"))
		        response.End
		    end if
		else
			WriteIt "error"
		end if
	case "savefile"
		dim fsavename,sCode
		sCode=Request("Text")
		fsavename=NewRequest("FileName")
		if adminLogin=true then
		    if fsavename<>"" then
		        SaveAnyTextFile sCode,Server.MapPath(fsavename),"utf-8"
				WriteIt "{msg:'ok',param:'保存成功！'}"
			else
				WriteIt "{msg:'error',param:'文件名缺失！'}"
		    end if
		else
			WriteIt "{msg:'error',param:'权限不足！'}"
		end if
	case "createfile"
		dim fnewname
		fnewname=NewRequest("FileName")
		if adminLogin=true then
		    if fnewname<>"" then
		        SaveAnyTextFile "",Server.MapPath(".") & "\" & fnewname,"utf-8"
				WriteIt "{msg:'ok',param:'创建成功！'}"
			else
				WriteIt "{msg:'error',param:'文件名缺失！'}"
		    end if
		else
			WriteIt "{msg:'error',param:'权限不足！'}"
		end if
        case "getpage"
		dim surl
		surl=NewRequest("URL")
                retHtml surl
End Select
function alteradmin()
'todo
    dim sfield,svalue,code
    sfield=NewRequest("Field")
    svalue=NewRequest("Value")
    code=NewRequest("Code")
    if isLogin=true then
        if sfield="ad_code" then
            WriteIt "{msg:'error',param:'不允许修改此字段'}"
            exit function
        end if
        if adminLogin=true then
            alterInfo "s_admin","ad_code","'" & code & "'",sfield,"'" & svalue & "'"
        else
            if Session("fix_usercode")<>code then
                WriteIt "{msg:'error',param:'无权限'}"
                exit function
            else
            alterInfo "s_admin","ad_code","'" & Session("fix_usercode") & "'",sfield,"'" & svalue & "'"
            end if
        end if
        WriteIt "{msg:'ok',param:'ok'}"
    end if
end function
Function logInOut(action)
	If LCase(action)="logout" Then
		Session("fix_usercode")=""
		Session("fix_loginrole")="normal"
		Response.Redirect "index.asp"
		Exit Function
	End If
	Dim kUser
	Dim kPass
	kPass=NewRequest("Pass")
	kUser=NewRequest("Name")
	Dim ks
	Set ks=Server.CreateObject("adodb.recordset")
	ks.open "select ad_code,ad_password,right,[state] from s_admin",conn,3,3
	If ks.recordcount=0 Then
		WriteIt "{msg:'error',param:'用户名密码错误'}"
		ks.close
		Set ks=Nothing
		Exit Function
	End If
	Do While Not ks.eof = True
		If ks("ad_code")=kUser And ks("ad_password")=kPass Then
			if ks("state")="active" then
				Session("fix_loginrole")=ks("right")
				Session("fix_usercode")=ks("ad_code")
				WriteIt "{msg:'ok',param:''}"
				ks.close
				Set ks=Nothing
				Exit Function
			else
			    Session("fix_loginrole")=ks("right")
				Session("fix_usercode")=ks("ad_code")
				WriteIt "{msg:'" & ks("state") & "',param:'alterinfo.asp'}"
				ks.close
				Set ks=Nothing
				Exit Function
			end if
		End If
		ks.movenext
	Loop
	ks.close
	Set ks=Nothing
	WriteIt "{msg:'error',param:'用户名密码错误'}"
End Function

Function AddNewClient(name,phone,place,sex,describe,querycode,code)
	Dim rse
	Dim maxnum
	maxnum=GetMaxNumber()
	Set rse=server.CreateObject("adodb.recordset")
	rse.open "s_request",conn,3,3
	rse.addnew
	rse("sName")=name
	rse("sPhone")=phone
	rse("sex")=sex
	rse("sPlace")=place
	rse("code")=Year(Now) & FixStr(Month(Now)) & FixStr(Day(Now)) & FixStr(Hour(Now)) & FixStr(Minute(Now)) & FixStr(Second(Now))
	code=rse("code")
	rse("querycode")=querycode
	rse("describe")=describe
	rse("numtoday")=maxnum
	rse("state")="wait"
	rse.update
	rse.close
	AddNewClient="ok"
End Function
Function GetMaxNumber()
	Dim res
	Set res=server.CreateObject("adodb.recordset")
	res.open "select iif(isnull(max(id)),0,max(id)) as MaxID from s_request",conn,3,3
	If res.recordcount=0 Then
		GetMaxNumber=0
		res.close
		Exit Function
	End If
	GetMaxNumber=res("MaxID")
	res.close
	Exit Function
	res.close
End Function

Function refuse(RequestID)
	If modifyRequest(RequestID,"refuse","refuse")=True Then
		Response.Clear
		Response.Write "{msg:'ok',param:'拒绝请求成功！'}"
		Response.End
	Else
		Response.Clear
		Response.Write "{msg:'ok',param:'拒绝请求失败，请重试！'}"
		Response.End
	End If
End Function

Function finish(RequestID)
	If modifyRequest(RequestID,"done","done")=True Then
		WriteIt "{msg:'ok',param:'完成请求成功！'}"
	Else
		WriteIt "{msg:'ok',param:'完成请求失败，请重试！'}"
	End If
End Function

Function reinit(RequestID)
	If modifyRequest(RequestID,"wait","return")=True Then
		WriteIt "{msg:'ok',param:'完成请求成功！'}"
	Else
		WriteIt "{msg:'error',param:'完成请求失败，请重试！'}"
	End If
End Function

Function modifyRequest(RequestID,state,other)
	On Error Resume Next
	If adminLogin=True Or officerLogin=True Or CStr(Session("fix_rid"))=RequestID Then
		'获取对于的request.id
		Dim rsp
		Dim aid
		Dim sqls
		Set rsp=Server.CreateObject("adodb.recordset")
		rsp.open "select * from s_request left join s_accept on s_accept.RequestID=s_request.id where s_request.id=" & RequestID,conn,3,3
		    aid=rsp("s_accept.id")
		rsp.close
		Set rsp=Nothing
		
		
		logActivity RequestID,other
		'如果是重置，则清除关联
		If other="return" Then
			ExcuteSql "delete from s_accept where id=" & aid
		End If
		'更新请求信息状态
		sqls="update s_request set [state]='" & state & "' where id=" & RequestID
		ExcuteSql sqls
		If Err.number=0 Then
			modifyRequest=True
		Else
			modifyRequest=False
		End If
	End If
End Function

Function acceptReq(RequestID)
	'插入数据
	Dim sql
	Dim rmod
	Dim acceptID
	sql="insert into s_accept(resp_boycode,resp_time,RequestID) values('" & Session("fix_usercode") & "','" & Now & "'," & RequestID & ")"
	ExcuteSql sql
	'更新数据
	sql="update s_request set [state]='taken' where id=" & RequestID
	ExcuteSql sql
	acceptID=getAcceptID(RequestID)
	logActivity RequestID,"taken"
	'提取数据显示
	Set rmod = Server.CreateObject("adodb.recordset")
	rmod.open "select sName,sPhone,sPlace,[describe] from s_request where id=" & RequestID,conn,3,3
	If rmod.recordcount=0 Then
		rmod.close
		Set rmod=Nothing
		WriteIt "{msg:'error',param:'未找到申请信息！'}"
		Exit Function
	End If
	WriteIt "{msg:'ok',name:'" & rmod("sName") & "',telphone:'" & rmod("sPhone") & "',location:'" & rmod("sPlace") & "',describe:'" & rmod("describe") & "'}"
	rmod.close
	Set rmod=Nothing
End Function

Function logActivity(ReqID,activity)
	Dim sqls
	if CStr(Session("fix_rid"))=CStr(ReqID) then
	    sqls="insert into s_activity(ReqID,[StateTime],[State],ByUser) values(" & ReqID & ",'" & Now & "','" & activity & "','poster')"
		ExcuteSql sqls
	else
	    if isLogin=true then
	        sqls="insert into s_activity(ReqID,[StateTime],[State],ByUser) values(" & ReqID & ",'" & Now & "','" & activity & "','" & Session("fix_usercode") & "')"
			ExcuteSql sqls
	    end if
	end if
End Function
%>